Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5308

AuthenticatedWebSession#authenticate should be protected, not public

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.9.1, 7.0.0-M1
    • 7.0.0-M1
    • wicket-auth-roles
    • None

    Description

      A common source of confusion in trainings is that when implementing security using wicket-auth-roles, you have to implement #authenticate in your own session class, but in the login form's #onSubmit you have to call #signIn.

      Both #authenticate and #signIn are public and both have identical signatures. Their names mean basically the same thing too. This is rather error-prone.

      I propose changing the visibility of #authenticate to protected. That way, it will still work the same as it does now, except it won't show up in code-completion anymore and won't compete with #signIn anymore.

      This should not be an API break, since #authenticate is abstract anyway and is always implemented in user code. Raising visibility from protected to public is always legal, so user code should not break from this change.

      Opinions?

      Attachments

        Activity

          People

            cmenzel Carl-Eric Menzel
            cmenzel Carl-Eric Menzel
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: